| 本帖最后由 好鸭 于 2022-4-25 14:58 编辑
参考这个https://developers.cloudflare.com/fundamentals/get-started/setup/allow-cloudflare-ip-addresses/
首先,要确定有iptables和ip6tables,自己搞定喔
然后,iptables创建一个链
- iptables -N CLOUDFLARE
- ip6tables -N CLOUDFLARE
复制代码
让INPUT引用
- iptables -A INPUT -j CLOUDFLARE
- ip6tables -A INPUT -j CLOUDFLARE
复制代码
然后把CF的IP加进链里
- for ip in `curl -s https://www.cloudflare.com/ips-v4`;do
- iptables -A CLOUDFLARE -p tcp -m multiport –dports http,https -s $ip -j ACCEPT
- done
- for ip in `curl -s https://www.cloudflare.com/ips-v6`;do
- ip6tables -A CLOUDFLARE -p tcp -m multiport –dports http,https -s $ip -j ACCEPT
- done
复制代码
不允许其他
- iptables -A INPUT -p tcp –dport http,https -j DROP
- ip6tables -A INPUT -p tcp –dport http,https -j DROP
复制代码
搞过一次之后,也就是定时执行的脚本如下
清空链,然后重新加一遍IP
以下保存为脚本,定时执行即可
- iptables -F CLOUDFLARE
- ip6tables -F CLOUDFLARE
- for ip in `curl -s https://www.cloudflare.com/ips-v4`;do
- iptables -A CLOUDFLARE -s $i -j ACCEPT
- done
- for ip in `curl -s https://www.cloudflare.com/ips-v6`;do
- ip6tables -A CLOUDFLARE -s $i -j ACCEPT
- done
- iptables -A INPUT -p tcp –dport http,https -j DROP
- ip6tables -A INPUT -p tcp –dport http,https -j DROP
复制代码
管杀管埋
不玩了,清空上面设置过的规则
- iptables -F CLOUDFLARE
- ip6tables -F CLOUDFLARE
- iptables -D INPUT -j CLOUDFLARE
- ip6tables -D INPUT -j CLOUDFLARE
- iptables -X CLOUDFLARE
- ip6tables -X CLOUDFLARE
- iptables -D INPUT -p tcp –dport http,https -j DROP
- ip6tables -D INPUT -p tcp –dport http,https -j DROP
复制代码
以上没测试,但是应该差不多就是这样
|